Domain Name Wire

Domain Name Wire

  • Go Daddy Explains Whois Blocking

    1. BY - Jan 04, 2011
    2. Domain Registrars
    3. 28 Comments

    Company explains access restrictions on third party sites.

    Users of third party whois search tools have been frustrated in the past few days whenever they look up a domain name registered at Go Daddy. Instead of seeing who owns the domain name, they are given a URL to look up the whois information directly at Go Daddy. Here’s an example from DomainTools:

    This appears to be occurring on many whois lookup sites, not just DomainTools. For example, searches at who.is return a similar result. A search at iWhois.com earlier today had the same problem, and a note on the page said that the service was having difficulty with Go Daddy whois lookups. The problem is now (at least temporarily) resolved for iWhois.

    I contacted Go Daddy to find out what was going on, and received this statement from Rich Merdinger
    Director, Domain Services:

    Go Daddy values customer privacy. We monitor WHOIS data regularly to ensure our customers’ information is being accessed properly and not being harvested for unintended uses. If we suspect that any service is harvesting WHOIS data, we will limit access to that specific source.

    We are not taking the WHOIS information offline, however. Anyone can find the WHOIS information on a domain name registered through Go Daddy by visiting http://whois.GoDaddy.com.

    If a company or service has questions about accessing Go Daddy WHOIS information, they can email dns (at) jomax.net.

    This is merely a nuisance to the typical DomainTools user. But it could affect some of DomainTools’ more popular tools. For example, I use historical whois to research domains before buying them. The service is no longer able to collect detailed records from Go Daddy to use in future historical lookups. The blocking also could prevent reverse domain name lookups. Trademark attorneys who use reverse whois to find out which domains a particular person owns may be foiled if the registrant keeps all of his domains at Go Daddy.

28 Comments
  • Thank you GD.

    Can’t be happier.

    DT has ruined many domainers by helping lawyers as per posts on forums over the years.

    First time ever I have liked something GD did :)

  • It is a shame they blocked domain tools, they have the e-mail guard to fight data miners(unlike other whois services). At the same time I must say amen to more privacy :)

  • NotSocialist says:

    January 4, 2011 at 9:53 pm

    Do not be too happy, the only reason they did this is because they will offer a service of their own like DT and they will be happy to service lawyers and you will lose more domains.

  • Thank You Godaddy,
    DomainTools is a SCUMMY company, it can help UDRP thieves to steal your name if you had on your Corp’s name and then switched to your own. And then there’s the index-page thumbshot problem, that they keep for eternity.

  • A lot of domain name thefts are detected by people looking at the historical WHOIS records. So, this is not just a mere “nuisance” for legitimate buyers doing due diligence.

    I hope DomainTools pays the $10K/yr to get the bulk WHOIS data, as per section 3.3.6 of the latest ICANN RAA.

  • This has been a long time coming. There are many organizations harvesting WHOIS information automatically. There’s been a silent but escalating war going on wherein the data harvesters would employ ever larger networks of computers on unique ip addresses to harvest WHOIS records up to the hourly/daily/weekly cap limit set by godaddy and other registrars. When the cap is reached the harvesters simply place the node in sleep mode for a random number of days in an attempt to avoid ip blacklisting.

    Godaddy and other registrars are left with two options: provide the whois data in bulk-downloadable form (not going to happen), or lock the information away behind captcha and other automation prevention mechanisms.

    New methods are going to be needed to correlate websites and root out information related to websites. That’s one of our motivations for starting Delineal.

  • Delineal: GoDaddy (and other registrars) have an ICANN-imposed *obligation* to provide bulk WHOIS access for $10,000/yr tops. Do a Google search for:

    “icann registration accreditation agreement 2009″

    (without the quotes — I’d post the link, but then my comment would get moderated, grrr. Andrew can post it later.) See section 3.3.6.

    Section 3.3.6.5 puts a “limit” as to how that bulk WHOIS can be used, i.e.

    “3.3.6.5 Registrar’s access agreement must require the third party to agree not to sell or redistribute the data except insofar as it has been incorporated by the third party into a value-added product or service that does not permit the extraction of a substantial portion of the bulk data from the value-added product or service for use by other parties.”

    That should be a simple standard for DomainTools to meet, i.e. basically they’ll have to make sure that their own interface can’t be scripted (i.e. they’ll use a CAPTCHA of their own, or limit IPs, etc.).

    I’m hoping DomainTools ponies up the $10K, and things get back to normal in a few weeks.

  • Def bad news for Domaintools. GoDaddy makes up the majority of all registrations, meaning the majority of domaintools database. Soon godaddy will probably offer to unlock the info to domaintools for some sort of compensation.

    With godaddy’s market power they can essentially control any internet service offerings that are based on existing domain registrations (is domaintools the only one?). This is not too different from walmart’s ability to control manufacturer pricing of many products it sells.

  • I use domain tools all the time and although this is an added nuisance, I welcome the difficulty it brings to the table for data harvesters. I’m very happy with Godaddy for this.

  • Wow, Do you actually buy the privacy bit?

    GD has one motive: get traffic to their website, hit them with ads and useful offers for products customers don’t need or want in the first place.

    Get real. I really don’t have an issue with it, great marketing ploy but call a spade a spade please.

  • The most annoying thing for DT users is that 50% of all .com domains and 20% of all domains are at GD.

  • I was hoping someone would see GD intentions.
    Ray is totally correct.

    GD doesn’t care about your privacy.
    And, they are not interested in making
    $ 10k from whois dump.

    They want the traffic.
    They want to sell you a similar domain.
    Plus, they will acquire datamining
    about your searches.

    They will make millions from this.

  • Meyer: GoDaddy’s intentions are pretty obvious. I was just pointing out the countermeasures that DomainTools needs to take, to get around this change.

  • Yes I agree with “Meyer” this is all about getting you to GoDaddys site so they have a chance of you buying something from them.

    One upside is if your domain is listed with GoDaddy as a Premium you might just catch a sale.

    So be careful of your pricing there.

    Joey Starkey
    Memphis Domain Broker

  • GoDaddy’s approach to a number of issues is to be highly commended.

    Their ethics are increasingly beginning to standout from other major players in the industry.

    We don’t like their stance on resetting the 60 day locks for internal transfers but on issues like data harvesting for unintended use and their principled stance on Vertical Integration / Vertical Separation it’s really good to have such a major player standing up for the interests of registrants.

    @George. Things need to change – Over here in Europe there are increasing concerns with what companies can and can not do with data they hold on other companies and individuals.

    Historical WHOIS needs to be an ICANN community consensus driven approach, so everyone is aware at the point of registration what data is and is not to be retained and how it can be used and combined. Outside of the domain industry most people are effectively uniformed consumers and as such totally unaware of what is happening to their data.

    Also for the domain industry as a whole it’s far better to have as many people feeling comfortable with putting their real contact details in the WHOIS as possible. (As opposed to feeling a need to have to use privacy services simply to protect themselves and their business from the misuse of their data in the WHOIS.)

  • gpmgroup: I highly doubt this is some “principled stand” on their part. This is all about money and traffic. Read NoDaddy.com (not my site), and one can learn about how even their support is all about the upsell — and given my experience with trying to get help on an issue where they had no opportunity to “upsell” me, with them trying to get me off the phone ASAP, I believe those “horror” stories (although, some should be taken with a grain of salt).

    Recall, these are the same folks involved with the “Standard Tactics” operation that Andrew has written about. Same folks pushing hard for the flawed ETRP, rather than investing in good security that would *prevent* domain name thefts. [ETRP shifts costs to legitimate registrants, who’d have to deal with the collateral damage of seller’s remorse, etc., and is a band-aid to help registrars with weaker security]

    Have you seen GoDaddy pushing for price caps or even tender processes for existing TLDs, to lower prices for consumers/registrants?

    The 60-day internal lock is all about money. An opportunity to get an extra renewal fee, more time for an upsell, and saving money in not doing better authentication of internal transfers (i.e. using the 60-day lock as a cheaper alternative to better security).

  • If GD can make millions off of this then I imagine it would increase profits for all the other major registrars as well. Could be a limited future for domaintools. They should start working outa solution to this problem. Time to ink some deals with the registrars.

  • I think it’s been like that for awhile now. The other reason why they did this is to get more traffic, now you have to go to godaddy to do whois, it’s another opportunity for them to sell you stuff or make money on ads.

  • Godaddy values privacy and monitors whois access
    moniker uses the same info to betray their clients

  • Im not a huge fan of privacy. I like that you can look up who owns what domain name. I think you should be able ton contact domain owners.

  • If there was a “thick” WHOIS (provided by the registry), then registrars like GoDaddy couldn’t do this blocking. If you do a lookup for GoDaddy.org or .biz or .info at DomainTools, the full WHOIS is visible, because those are “thick”.

    .com and .net are “thin”, though.

  • .eu and .uk are handled very differently by domaintools. While the .uk allows 3rd parties to display their WHOIS data they are much stricter about Historical WHOIS and data aggregation of such as reverse WHOIS etc.

  • I noticed that if I check an .info domain (registered at GoDaddy) on DomainTools’ whois, the lookup returns all data, correctly. Can you experience the same?

  • I think we’re missing something here.. And if I’m correct, you may want to append your article. When you create a Go Daddy account, you are given the option to be included in bulk whois searches (defaults to yes). You should also be able to adjust this setting by contacting the customer support line. But the point is, Go Daddy’s domains should show available in whois searches unless the customer has specifically chosen not to. My domains show up.

  • @vman – I think you’re talking about whois privacy.

  • I’m not sure. If you go to the Create Account page, you see this option: “include your registrant information in third party Bulk Whois requests?” (yes or no) This isn’t related to domainsbyproxy. It may very well be that both are true though. I looked up a .com of mine in who.is and the info didn’t display, so it seems Go Daddy must be blocking them. But for as far back as I can remember, the info has displayed in DomainTools. Interesting article, hopefully more information will come to light on it.

  • I think that GoDaddy has correct this problem now. Thanks for a great post.

Leave a Reply